refactoring server install doc, and other tweaks

silversword411
2021-09-13 10:08:39 -04:00
parent 05837dca35
commit 7e66b1f545
5 changed files with 101 additions and 18 deletions

@@ -9,7 +9,7 @@ The below instructions are for a non-production server that has Tactical RMM ins
### 1. Traditional install ### 1. Traditional install
This guide assumes you have done a [Traditional Install](https://wh1te909.github.io/tacticalrmm/install_server/). This guide assumes you have done a [Traditional Install](install_server.md).
### 2. Install VSCode and Extensions ### 2. Install VSCode and Extensions
Download VSCode [here](https://code.visualstudio.com/download) Download VSCode [here](https://code.visualstudio.com/download)

@@ -1,26 +1,37 @@
# Installation # Installation
## Minimum requirements ## General Information
### Minimum requirements
#### Hardware / OS
- A fresh linux VM running either Ubuntu 20.04 or Debian 10, with a minimum of 3GB RAM (4GB Recommended). - A fresh linux VM running either Ubuntu 20.04 or Debian 10, with a minimum of 3GB RAM (4GB Recommended).
!!!warning !!!warning
The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail.<br/><br/> The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail.
The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi.
!!!note !!!note
We highly recommend staying current with updates (at least every 3 months when you update your SSL certs is a good minimum) while Tactical RMM is still working towards its 1.0 release. The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi.
#### Network Requirements
- A real (internet resolvable) domain is needed to generate a Let's Encrypt wildcard cert. _If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)_ - A real (internet resolvable) domain is needed to generate a Let's Encrypt wildcard cert. _If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)_
- example.local is __NOT__ a real domain. No you [don't have to expose your server](faq.md#can-i-run-tactical-rmm-locally-behind-nat-without-exposing-anything-to-the-internet) to the internet - example.local is __NOT__ a real domain. No you [don't have to expose your server](faq.md#can-i-run-tactical-rmm-locally-behind-nat-without-exposing-anything-to-the-internet) to the internet
- A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator. - A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator.
## Install #### Update Recommendations
!!!info !!!note
It is recommended that you keep your server updated regularly (monthly). SSL wildcard certs will expire every 3 months and need manual updating as well. <br/><br/> We highly recommend staying current with updates (at least every 3 months when you update your SSL certs is a good minimum) while Tactical RMM is still working towards its 1.0 release.<br/><br/>
Until we reach production release, there may be architectural changes that may be made to Tactical RMM and only a regular patching schedule is supported by developers. Until we reach production release, there may be architectural changes that may be made to Tactical RMM and only a regular patching schedule is supported by developers.
## Option 1: Easy Install
Install on a VPS: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure to name a few
Use something that meets [minimum specs](install_server.md#hardware-os)
### Run updates and setup the linux user ### Run updates and setup the linux user
SSH into the server as **root**. SSH into the server as **root**.
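Review bot: The new "Update Recommendations" note relaxes the patch cadence: the removed `!!!info` text recommended keeping the server updated "regularly (monthly)", while the replacement calls "at least every 3 months" a good minimum. Since the next sentence says only a regular patching schedule is supported by the developers, I'd keep the monthly recommendation and mention the 3-month certificate renewal as a separate item. Two smaller points in the same hunk: the TOTP authenticator bullet now sits under "#### Network Requirements" and would fit better under its own heading, and the added note line ends in `<br/><br/>` while the warning above it has its `<br/>` tags removed.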
@@ -125,7 +136,8 @@ Answer the initial questions when prompted. Replace `example.com` with your doma
!!!warning !!!warning
TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.<br/> TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.<br/>
You should verify the TXT record has been deployed first before pressing Enter.<br/> You should verify the TXT record has been deployed first before pressing Enter.<br/>
A quick way to check is with the following command:<br/> `dig -t txt _acme-challenge.example.com` A quick way to check is with the following command:<br/> `dig -t txt _acme-challenge.example.com`<br/>
or test using: <https://viewdns.info/dnsrecord/> Enter: `_acme-challenge.example.com`
![txtrecord](images/txtrecord.png) ![txtrecord](images/txtrecord.png)
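Review bot: The added viewdns.info line at the end of the warning tells the reader what to enter but not what to look for. Say that the TXT value returned, by `dig` or by the site, has to match the value the install script asked for before pressing Enter; a lookup that merely returns some record could be showing an old challenge. The context line also spells "propagate" as "propogate", which is worth fixing while this block is being edited.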
@@ -147,9 +159,59 @@ Once logged in, you will be redirected to the initial setup page.
Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded. Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded.
### You're Done
[Update Regularly](install_server.md#update-regularly)
## Option 2: Install behind NAT Router
Install in your local network using: Dedicated hardware, Hyper-V, Proxmox or ESXi. All been tested and work fine.
Do everything from [Option 1: Easy Install](install_server.md#run-updates-and-setup-the-linux-user)
### If you only have agents on the private network/subnet
Make sure your local DNS server (or agents hosts file) have your Tactical RMM server IP addresses for the 3 domain names: `rmm`, `api` and `mesh`
### Agents exist outside the private network/subnet - Setup Port Forwarding
If you have agents outside your local network: Make sure the public DNS servers have A records for the 3 Tactical RMM server domain names: `rmm`, `api` and `mesh`
Login to your router/NAT device.
1. Set your TRMM server as a static IP (Use a DHCP reservation is usually safer)
2. Create 2 port forwarding rules. `TCP Port 443` and `TCP Port 4222` to your private IP address.
### You're Done
[Update Regularly](install_server.md#update-regularly)
## Option 3: Installs by Network Wizards
Use the scripts above.
### Requirements
1. TLD domain name which is internet resolvable (this is for a LetsEncrypt DNS wildcard request during the install script [validated by DNS txt record](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)).
- Test using: <https://viewdns.info/dnsrecord/>. Enter: `_acme-challenge.example.com`
2. Agents need to be able to connect to your server via DNS lookup (hosts file, local DNS, smoke signals etc.).
- Test from agent: `ping rmm.example.com`. Should result in the IP of your Tactical RMM server
- Test from agent: `ping api.example.com`. Should result in the IP of your Tactical RMM server
- Test from agent: `ping mesh.example.com`. Should result in the IP of your Tactical RMM server
!!!note !!!note
Though it is an unsupported configuration, if you are using HAProxy or wish to configure fail2ban this might be of use to you [Unsupported Configuration Notes](unsupported_scripts.md) Did you notice #2 doesn't need to be something publicly available?
That's it. You're a wizard, you know how to satisfy these 2 items.
You'll probably enjoy browsing thru the [Unsupported section](unsupported_guidelines.md) of the docs.
## Update Regularly ## Update Regularly
We've said it before, we'll say it again. We recommend regular updates. Every 3 months. We've said it before, we'll say it again.
- We recommend regular updates.
- Every 3 months.
- Do it when you update your SSL certs.
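Review bot: In Option 2, step 2 forwards `TCP Port 443` and `TCP Port 4222` "to your private IP address" without saying whose address that is or what each port is for. Make it the Tactical RMM server's private IP and add a word on what each port carries, so the admin can keep the forward limited to these two ports. Step 1 also reads ambiguously ("Set your TRMM server as a static IP (Use a DHCP reservation is usually safer)"); say which of the two you recommend. Separately, the removed note linked `unsupported_scripts.md` and the new text links `unsupported_guidelines.md`; please confirm that page exists, since it is not among the files shown in this commit.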

@@ -7,11 +7,25 @@ If you've asked for help in [#support](https://discord.com/channels/736478043522
Blur your domains if you desire privacy. Blur your domains if you desire privacy.
```bash ```bash
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/troubleshoot_server.sh wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/troubleshoot_server.sh
chmod +x troubleshoot_server.sh chmod +x troubleshoot_server.sh
./troubleshoot_server.sh ./troubleshoot_server.sh
``` ```
## Make sure DNS (name resolution) was setup properly
### From the agent
Open command prompt
```cmd
ping rmm.example.com
ping api.example.com
ping mesh.example.com
```
The IP address for all 3 should reflect your Tactical RMM server
## Problems after new install ## Problems after new install
In the very unlikely event you have issues after install please wipe the box and install again (following all the steps including downloading the install script but not running it) use the following command which will log the install progress and if you continue to have issues will assist with support of the installation. In the very unlikely event you have issues after install please wipe the box and install again (following all the steps including downloading the install script but not running it) use the following command which will log the install progress and if you continue to have issues will assist with support of the installation.
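Review bot: The added "From the agent" check uses `ping` to test name resolution, but a server that does not answer ICMP will show timeouts even when DNS is correct. Tell the reader to look at the address `ping` resolves in its first output line rather than at the replies, or use `nslookup rmm.example.com` instead. The closing sentence would also be clearer as "all 3 should resolve to the IP address of your Tactical RMM server".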

@@ -9,16 +9,22 @@ Other than this, you should avoid making any changes to your server and let the
## Updating to the latest RMM version ## Updating to the latest RMM version
!!!danger !!!danger
Do __not__ attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers.<br/><br/> Do __not__ attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers.
Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this.<br/><br/>
You should also **never** attempt to automate running the update script via cron.<br/><br/> Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this.
The update script will update itself if needed to the latest version when you run it, and then prompt you to run it again.<br/><br/>
You should also **never** attempt to automate running the update script via cron.
The update script will update itself if needed to the latest version when you run it, and then prompt you to run it again.
Sometimes, manual intervention will be required during an update in the form of yes/no prompts, so attempting to automate this will ignore these prompts and cause your installation to break. Sometimes, manual intervention will be required during an update in the form of yes/no prompts, so attempting to automate this will ignore these prompts and cause your installation to break.
SSH into your server as the linux user you created during install. SSH into your server as the linux user you created during install.
!!!danger !!!danger
__Never__ run any update scripts or commands as the `root` user.<br/>This will mess up permissions and break your installation. __Never__ run any update scripts or commands as the `root` user.
This will mess up permissions and break your installation.
Download the update script and run it: Download the update script and run it:

@@ -48,6 +48,7 @@ nav:
- "Contributing to Community Scripts": contributing_community_scripts.md - "Contributing to Community Scripts": contributing_community_scripts.md
- "Contributing using VSCode": contributing_using_vscode.md - "Contributing using VSCode": contributing_using_vscode.md
- "Contributing using Docker": contributing_using_docker.md - "Contributing using Docker": contributing_using_docker.md
- "Contributing using a Remote Server": contributing_using_a_remote_server.md
- License: license.md - License: license.md
site_description: "A remote monitoring and management tool" site_description: "A remote monitoring and management tool"
site_author: "wh1te909" site_author: "wh1te909"